Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-10 | CVE-2023-50449 | Path Traversal vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | 7.5 |
| 2023-12-09 | CVE-2023-6120 | Path Traversal vulnerability in Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. | 2.7 |
| 2023-12-08 | CVE-2023-46493 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | 5.3 |
| 2023-12-08 | CVE-2023-46496 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | 8.3 |
| 2023-12-08 | CVE-2023-46497 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | 5.4 |
| 2023-12-07 | CVE-2023-6577 | Path Traversal vulnerability in Byzoro Patrolflow-Am-2530Pro Firmware 20231126 A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. | 4.3 |
| 2023-12-07 | CVE-2023-33411 | Path Traversal vulnerability in Supermicro products A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | 7.5 |
| 2023-12-07 | CVE-2023-47440 | Path Traversal vulnerability in Gladysassistant Gladys Assistant Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. | 6.5 |
| 2023-12-07 | CVE-2023-46307 | Path Traversal vulnerability in Buddho Etcd Browser An issue was discovered in server.js in etcd-browser 87ae63d75260. | 7.5 |
| 2023-12-04 | CVE-2023-5105 | Path Traversal vulnerability in Najeebmedia Frontend File Manager Plugin The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php` | 6.5 |